Has Your Business Been Impacted by a CryptoLocker Virus?

January 4, 2018 - By: Derek Veillon

Despite the enormous publicity surrounding the staggering losses caused by CryptoLocker and its variants, few small businesses have taken steps to prevent it. This article covers some of the best ways to avoid lost revenue and the other negative results of a ransomware infection.

Know the Facts of CryptoLocker

Despite common misconceptions, CryptoLocker and similar malware spread through specific methods such as:

Opening a ZIP file from a spam email that’s disguised as normal correspondence

Drive-by downloads that occur without clicking a link or an acceptance button

Pop-up ads

Once the machine is infected, CryptoLocker takes the following steps.

It creates an autostart registry entry that hijacks the .exe file extension, so that launching programs deletes the shadow copies and prevents local restoration.

It finds and communicates with command/control servers to get a public encryption key for the machine’s data.

It scans network and physical drives for common file extensions and encrypts those files, making them completely unusable.

The machine’s user then sees a ransom screen that demands the payment of a certain amount of bitcoin within 72 hours, in exchange for a private decryption key. Much of the public is unaware of the risks of CryptoLocker. Most malware removal tools will remove it, but the encrypted files will remain inaccessible.
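The first infection step above (an autostart entry plus a hijacked .exe association) leaves traces that can be checked in an exported copy of a machine's registry. The Python script below is an added example, not code from the original article. The sample export, the class name Xq7Handler and all paths are constructed, and it assumes stock Windows defaults (.exe maps to the exefile class, whose open command is "%1" %*).

```python
import re

# Constructed sample in `reg export` text format; every name and path is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="Xq7Handler"

[HKEY_CURRENT_USER\Software\Classes\Xq7Handler\shell\open\command]
@="\"C:\\Users\\demo\\AppData\\Roaming\\placeholder.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SyncClient"="\"C:\\Program Files\\Example Sync\\sync.exe\" /background"
"Updater"="C:\\Users\\demo\\AppData\\Roaming\\placeholder.exe"
'''

NORMAL_OPEN = '"%1" %*'  # stock open command for the exefile class
PROFILE_PATH = re.compile(r'\\(appdata|temp)\\', re.I)  # assumed "user-writable" heuristic

def parse_reg(text):
    """Return {key_path_lower: {value_name: string_data}}; '@' is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r'\[(.+)\]', line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := re.fullmatch(
                r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)):
            # REG_SZ only; undo the .reg escaping of backslashes and quotes
            current[m.group(1).strip('"')] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def triage(keys):
    """Flag a remapped .exe class, a non-stock open command, and Run entries in profile dirs."""
    findings = []
    for hive in ('hkey_current_user', 'hkey_local_machine'):
        classes = hive + '\\software\\classes\\'
        handler = keys.get(classes + '.exe', {}).get('@', 'exefile')
        if handler.lower() != 'exefile':
            findings.append(f'{hive}: .exe remapped to class {handler!r}')
        cmd = keys.get(classes + handler.lower() + '\\shell\\open\\command', {}).get('@')
        if cmd is not None and cmd.strip() != NORMAL_OPEN:
            findings.append(f'{hive}: open command for {handler!r} is {cmd!r}')
        run = keys.get(hive + '\\software\\microsoft\\windows\\currentversion\\run', {})
        findings += [f'{hive}: Run value {n!r} starts {d!r}'
                     for n, d in run.items() if PROFILE_PATH.search(d)]
    return findings

print('\n'.join(triage(parse_reg(SAMPLE_EXPORT))))
```

Findings are leads for review, not verdicts, since legitimate software also starts from AppData. A real `reg export` file is UTF-16, so read it with encoding='utf-16' before passing the text to parse_reg.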